General
Target: 94e67670b8ecb58cd7b53a34dc2768ac1a9c370eccd0a6a9a0b6be3330fe1f30
Size: 1.1MB
Sample: 230409-rjthysbd35
MD5: 7f239e7b2bd8ac45c1e439e65233947a
SHA1: f7b787d03c2fa722c214d511e6c2f9cae7017ee3
SHA256: 94e67670b8ecb58cd7b53a34dc2768ac1a9c370eccd0a6a9a0b6be3330fe1f30
SHA512: 1f7974f2e41ec11e563481dd029715f0747492ca3fd0f6099d1005d28acfa70eaa6a19d24e607c70ec2c63271a43ea9fdf3aa04a41f9654253c1a8d108323a6f
SSDEEP: 24576:1ynewU9vk7rSz+Zbe5v34uGhp/bNCamZnx0zM1H3cB5mvkjorgh:Qe6u0QAuG/bNnInBsrakjoE
Static task: static1
Malware Config
Extracted: redline
  Botnet: norm
  C2: 77.91.124.145:4125
  auth_value: 1514e6c0ec3d10a36f68f61b206f5759
Extracted: redline
  Botnet: lenox
  C2: 77.91.124.145:4125
  auth_value: a5c9c17a250a084c5fd706c1df7c2d4e
Extracted: amadey
  Version: 3.70
  C2: 212.113.119.255/joomla/index.php
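The extracted configs give three concrete indicators to hunt on: the sample's file hashes, the RedLine C2 socket shared by both botnet IDs, and the Amadey C2 URL. As an added example (not part of the sandbox report), the following Python matches those indicators against firewall, proxy and EDR log lines. Only the indicator values are taken from the report; the log lines and their field names (dst=, dport=, url=, sha256=) are constructed for illustration.

```python
"""Match the indicators extracted from this report against log lines.

Added example, not part of the sandbox report. The indicator values are
copied from the report; every log line below is constructed for illustration.
"""
import re

# File hashes of the analysed sample (from the report's General section).
HASHES = {
    "94e67670b8ecb58cd7b53a34dc2768ac1a9c370eccd0a6a9a0b6be3330fe1f30": "sha256",
    "f7b787d03c2fa722c214d511e6c2f9cae7017ee3": "sha1",
    "7f239e7b2bd8ac45c1e439e65233947a": "md5",
}
# Both RedLine configs share one ip:port, so the indicator is the socket,
# not the IP alone (the same host on another port is not covered by the report).
C2_SOCKETS = {("77.91.124.145", 4125): "redline (botnet norm / lenox)"}
# Amadey's C2 is an HTTP URL; matched on host+path with the scheme stripped.
C2_URLS = {"212.113.119.255/joomla/index.php": "amadey 3.70"}

HEX_RE = re.compile(r"\b[0-9a-f]{32}\b|\b[0-9a-f]{40}\b|\b[0-9a-f]{64}\b", re.I)
SOCKET_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\b")  # plain ip:port
KV_RE = re.compile(  # firewall-style key=value records (assumed field names)
    r"\b(?:dst|dest|dst_ip)=(\d{1,3}(?:\.\d{1,3}){3})\b.*?"
    r"\b(?:dport|dest_port|dst_port)=(\d{1,5})\b"
)
URL_RE = re.compile(r"https?://([^\s\"']+)", re.I)


def match_line(line):
    """Return a list of (kind, value, label) hits for one log line."""
    hits = []
    for h in HEX_RE.findall(line):
        h = h.lower()
        if h in HASHES:
            hits.append((HASHES[h], h, "sample file hash"))
    for ip, port in SOCKET_RE.findall(line) + KV_RE.findall(line):
        key = (ip, int(port))
        if key in C2_SOCKETS:
            hits.append(("c2_socket", f"{ip}:{port}", C2_SOCKETS[key]))
    for url in URL_RE.findall(line):
        host_path = url.split("?", 1)[0].rstrip("/")  # drop query string, trailing slash
        if host_path in C2_URLS:
            hits.append(("c2_url", host_path, C2_URLS[host_path]))
    return hits


def scan(lines):
    """Scan an iterable of log lines; return [(line_no, hit), ...] in order."""
    return [(n, hit) for n, line in enumerate(lines, 1) for hit in match_line(line)]


# Constructed log lines (not from the report): a firewall record on the C2
# port, the same host on 443 (must not match), an Amadey POST seen by a proxy,
# an EDR file event carrying the sample's SHA-256, and a benign proxy line.
SAMPLE_LOGS = [
    "fw dst=77.91.124.145 dport=4125 proto=tcp action=allow",
    "fw dst=77.91.124.145 dport=443 proto=tcp action=allow",
    'proxy src=10.0.0.7 method=POST url="http://212.113.119.255/joomla/index.php" status=200',
    "edr event=file_create path=C:\\Users\\u\\Downloads\\setup.exe "
    "sha256=94e67670b8ecb58cd7b53a34dc2768ac1a9c370eccd0a6a9a0b6be3330fe1f30",
    'proxy src=10.0.0.9 method=GET url="http://example.com/index.php" status=200',
]

if __name__ == "__main__":
    for line_no, (kind, value, label) in scan(SAMPLE_LOGS):
        print(f"line {line_no}: {kind} {value} -> {label}")
```

Matching the full socket rather than the bare IP keeps the second firewall line (port 443) out of the hits, because the report only attests port 4125; an IP-only pivot on 77.91.124.145 is still worth running separately, since the same host serves two RedLine botnet IDs and may serve others.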
Targets
Target: 94e67670b8ecb58cd7b53a34dc2768ac1a9c370eccd0a6a9a0b6be3330fe1f30
Size: 1.1MB
MD5: 7f239e7b2bd8ac45c1e439e65233947a
SHA1: f7b787d03c2fa722c214d511e6c2f9cae7017ee3
SHA256: 94e67670b8ecb58cd7b53a34dc2768ac1a9c370eccd0a6a9a0b6be3330fe1f30
SHA512: 1f7974f2e41ec11e563481dd029715f0747492ca3fd0f6099d1005d28acfa70eaa6a19d24e607c70ec2c63271a43ea9fdf3aa04a41f9654253c1a8d108323a6f
SSDEEP: 24576:1ynewU9vk7rSz+Zbe5v34uGhp/bNCamZnx0zM1H3cB5mvkjorgh:Qe6u0QAuG/bNnInBsrakjoE
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
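The signatures above are behavioural: each fires on something the sample did in the sandbox (registry keys read or written, files dropped and then executed or loaded, wallet paths opened). As an added example, not the sandbox's own signature logic, the following Python reconstructs those signatures from a simple API trace. The trace format, its API names and every trace line are constructed for illustration; the registry paths (Control Panel\International\Geo, CurrentVersion\Uninstall, CurrentVersion\Run) are standard Windows locations that are assumed, not stated by the report, to be what each signature tests, and the wallet-path list is likewise an assumption.

```python
"""Derive the behavioural signatures listed in this report from an API trace.

Added example, not the sandbox's own signature engine. Trace lines are
constructed; the registry paths are real Windows locations, but which paths
the sandbox's signatures actually test is an assumption.
"""
import re

# Assumed trace format: `pid=N api=Name key="..." path="..." value=... data="..."`.
FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')

GEO_KEY = re.compile(r"\\control panel\\international\\geo\b", re.I)        # country code
UNINSTALL_KEY = re.compile(r"\\microsoft\\windows\\currentversion\\uninstall\b", re.I)
RUN_KEY = re.compile(r"\\microsoft\\windows\\currentversion\\run(once)?$", re.I)
# Wallet locations commonly targeted by stealers (assumed list, not the report's).
WALLET_PATH = re.compile(
    r"\\(exodus|electrum|atomic|monero|ethereum\\keystore)\\|\\wallet\.dat$", re.I
)
REG_READ_APIS = ("RegOpenKeyExW", "RegQueryValueExW", "RegEnumKeyExW")


def parse(line):
    """Split one trace line into a dict; quoted values may contain spaces."""
    return {k: (inner if raw.startswith('"') else raw) for k, raw, inner in FIELD_RE.findall(line)}


class TraceClassifier:
    """Stateful: files the sample wrote are remembered (across the whole
    process tree) so later CreateProcess/LoadLibrary events can be tied to them."""

    def __init__(self):
        self.dropped = set()   # lower-cased paths of written .exe/.dll files
        self.hits = {}         # signature name -> list of supporting details

    def _hit(self, name, detail):
        self.hits.setdefault(name, []).append(detail)

    def feed(self, line):
        ev = parse(line)
        api, key, path = ev.get("api", ""), ev.get("key", ""), ev.get("path", "")
        path_l = path.lower()
        if api == "RegSetValueExW" and RUN_KEY.search(key):
            self._hit("Adds Run key to start application", f"{ev.get('value')} = {ev.get('data')}")
        elif api in REG_READ_APIS and GEO_KEY.search(key):
            self._hit("Checks computer location settings", f"{api} {key}")
        elif api in REG_READ_APIS and UNINSTALL_KEY.search(key):
            self._hit("Checks installed software on the system", f"{api} {key}")
        elif api == "NtWriteFile" and path_l.endswith((".exe", ".dll")):
            self.dropped.add(path_l)  # remembered, not a signature by itself
        elif api == "CreateProcessW" and path_l in self.dropped:
            self._hit("Executes dropped EXE", path)
        elif api == "LoadLibraryW" and path_l in self.dropped:
            self._hit("Loads dropped DLL", path)
        elif api == "CreateFileW" and WALLET_PATH.search(path):
            self._hit("Accesses cryptocurrency files/wallets", path)


def run(lines):
    """Feed a trace and return {signature: [details, ...]} in first-hit order."""
    clf = TraceClassifier()
    for line in lines:
        clf.feed(line)
    return clf.hits


# Constructed trace (not the report's): geofence lookup, two dropped files,
# Run-key persistence, execution of the dropped EXE, a child pid loading the
# dropped DLL, Uninstall enumeration, wallet access, and a benign cmd.exe launch.
SAMPLE_TRACE = [
    r'pid=4012 api=RegOpenKeyExW key="HKCU\Control Panel\International\Geo"',
    r'pid=4012 api=RegQueryValueExW key="HKCU\Control Panel\International\Geo" value=Nation',
    r'pid=4012 api=NtWriteFile path="C:\Users\Public\svc.exe" bytes=221184',
    r'pid=4012 api=NtWriteFile path="C:\Users\Public\helper.dll" bytes=32768',
    r'pid=4012 api=RegSetValueExW key="HKCU\Software\Microsoft\Windows\CurrentVersion\Run" value=svc data="C:\Users\Public\svc.exe"',
    r'pid=4012 api=CreateProcessW path="C:\Users\Public\svc.exe"',
    r'pid=5120 api=LoadLibraryW path="C:\Users\Public\helper.dll"',
    r'pid=5120 api=RegOpenKeyExW key="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"',
    r'pid=5120 api=RegOpenKeyExW key="HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"',
    r'pid=5120 api=CreateFileW path="C:\Users\u\AppData\Roaming\Exodus\exodus.wallet\seed.seco"',
    r'pid=5120 api=CreateFileW path="C:\Users\u\AppData\Roaming\Electrum\wallets\default_wallet"',
    r'pid=5120 api=CreateProcessW path="C:\Windows\System32\cmd.exe"',
]

if __name__ == "__main__":
    for name, details in run(SAMPLE_TRACE).items():
        print(f"{name}: {len(details)} event(s)")
        for d in details:
            print(f"    {d}")
```

The "dropped" set is kept for the whole trace rather than per pid, because the file is typically written by the first stage and then loaded by a child process (as the constructed DLL line shows); a system binary such as cmd.exe being launched does not count as "Executes dropped EXE" since it was never written by the sample.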